From education to employment

Ofqual moving traditional exams online – NETSCOUT comments on cybersecurity implications

young female smiling looking at computer

Last week (Wednesday 4 May), student examinations regulator Ofqual announced its plans to transition traditional pen-and-paper exams to digital platforms for its test takers. This news comes as the organisation revealed its corporate plans for 2022 – 2025*, largely taking into account the impact of the COVID-19 pandemic on its operations and traditional examination processes.

Richard Hummel, threat intelligence lead at NETSCOUT, advises that early implementation of effective cybersecurity practices will give the education sector the best chance of overcoming today’s most common digital threats:

“Digitally transforming the education sector of course brings many benefits when it comes to improving and future-proofing teaching – especially in light of recent disruptions to learning during the COVID-19 pandemic. However, educational institutions and authorities must ensure that they have effective cybersecurity measures in place when moving any lessons or exams online to avoid issues with accessing the digital platforms.

“Cyberattacks, particularly distributed denial of service (DDoS) attacks, are reaching new records each year. Intended to overwhelm digital services to the point of crashing, more than 4.4 million DDoS attacks** were launched worldwide from July to December last year. On average, this equates to a DDoS attack occurring every three seconds. When it comes to the education sector, institutions faced a 102 per cent increase in DDoS attacks compared to the year before. At NETSCOUT, we have reason to believe that students are behind a proportion of these attacks in order to delay their assignment deadlines and exams as well as disrupting classes. With Ofqual planning to move more traditional exams online, this creates even more of a target for DDoS attacks against the digital platforms.

“We also found that DDoS-for-hire services are now more available to the greater population. Numerous websites offer these services for free and have little to no vetting processes in place. So, any student or member of the public can launch DDoS attacks against institutions and edtech platforms without needing a cryptocurrency account, nor even paying for the service that causes so much disruption.  

“For the education sector to successfully defend its online infrastructure from these threats, it is paramount that organisations invest in a strong and effective DDoS protection system and that they test it regularly to account for changes in attack methodology. Organisations should also consider partnering with an on-demand DDoS attack specialist. By utilising their expertise, institutions and edtech providers can negotiate unfamiliar circumstances and terrain, which should benefit the entire organisation. By adhering to best current practice procedures and putting these aforementioned recommendations into practice, they will be in a strong position to successfully defend digital platforms should they be the target of a DDoS attack.” 



Related Articles


  1. Cyber security threats are most common digital threats, so we need to have strong and secure systems to protect our systems. I came across Mazebolt Radar recently, does anyone know anything about it?